LastPass Breach Demonstrates the Power of Avoidance

A recent LastPass breach has once again raised concerns about password managers’ security, especially commercial password managers with cloud infrastructure. The breach led to hackers gaining access to both code and data. This time on Dark Reading, I describe how I became a proponent of secret managers and LastPass, my chosen password manager, and how I helped my family and colleagues to do the same. I also discuss the theory behind the safety of password managers and the downsides of other password management methods, such as using a “good password” for everything.
I address the question of what to do if your password manager is breached, with two main recommendations: ensure that your master password is strong enough and enable multi-factor authentication (MFA) on every important account. I also stress that MFA is notoriously difficult to implement, and manually changing all passwords if plaintext passwords are exposed in a breach would be a catastrophe.
I strongly recommend this article to anyone who uses a password manager and is concerned about the security of their personal information. You will find an insightful discussion of the theory and practical aspects of password managers, and some valuable advice on what to do if your password manager is breached, including practical steps that LastPass users affected by the breach should take.